I'm sure this is not the first post on this subject.
I have a customer who is using a well-known cable modem provider in the U.S.A., Alabama area. The Fortigate is a FGT60D and the traffic load is low. Firmware 5.2.7, with all UTM features turned on. The CPU is running about 30% and the memory is about 30%, drive space is about 2%.
So here is the problem. If I plug directly into the cable modem with a laptop with a gigabit Ethernet port, I can get speeds of 100+ Mbps.
If I run the same speed tests from behind the firewall I can get no more than 30-50 Mbps. The interface is running clean. I set the MTU to 1486, the link is 1000 Mbps with no errors or discards.
MARC # diag hardware deviceinfo nic wan1
Driver Name :Fortinet NP4Lite Driver
Host Rx Pkts :14016141
Host Rx Bytes :1368925816
Host Tx Pkts :4185891
Host Tx Bytes :704822715
Rx Pkts :14694625
Rx Bytes :2165812281
Tx Pkts :4712018
Tx Bytes :1193377881
cmd_in_list : 0
promiscuous : 1
Anyone have any suggestions on how to increase the speed/throughput on the Fortigate?
Thanks for the input. I had already tried disabling everything possible without killing traffic flow and it did not make that much difference. The provider switched out their modem and it helped a little, but I still believe there is an issue at layer 2-4. If I can get a 100 Mbps speed test from the modem then I should at least get an 80 Mbps test through the Fortigate. I ran the hardware diagnostic and it came back clean.
On another note, it seems to be the same on all of my cable modem customers. I have even had some that will lose sync with the cable modem and just stop passing traffic. I can ping the gateway IP from the public side and I can ping the gateway from the Fortigate side, but the traffic will not pass through the connection; also the route goes down and will not come back up until one of the devices (Fortigate or cable modem) has been rebooted. This is for several customers, not just one. I've tried hard coding the speed and duplex, changing the MTU, and changing the port. It is only on the cable modem connections, nothing else.
How do you authenticate on the port to the modem? There is a known high speed-high CPU issue with low end FGTs if they are configured to run PPPoE in excess of 100 Mbps. The PPPoE protocol is run on the CPU which is not capable of high loads.
In contrast, running 1 Gbps IPsec is no problem CPU-wise even on small FGTs as the crypting load is offloaded to an ASIC.